search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
krb5.h: do not use anonymous enum for alternate E[NC]TYPE names
[heimdal.git] / lib / krb5 / krb5.h
bloba80b30f209445862eb1be554065d349e339c2652
1 /*
2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
4 * All rights reserved.
5 *
6 * Portions Copyright (c) 2009 Apple Inc. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in the
17 * documentation and/or other materials provided with the distribution.
18 *
19 * 3. Neither the name of the Institute nor the names of its contributors
20 * may be used to endorse or promote products derived from this software
21 * without specific prior written permission.
22 *
23 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33 * SUCH DAMAGE.
34 */
35
36 /* $Id$ */
37
38 #ifndef __KRB5_H__
39 #define __KRB5_H__
40
41 #include <time.h>
42 #include <krb5-types.h>
43
44 #include <asn1_err.h>
45 #include <krb5_err.h>
46 #include <heim_err.h>
47 #include <k524_err.h>
48 #include <k5e1_err.h>
49
50 #include <krb5_asn1.h>
51 typedef Krb5Int32 krb5int32;
52 typedef Krb5UInt32 krb5uint32;
53
54 /* name confusion with MIT */
55 #ifndef KRB5KDC_ERR_KEY_EXP
56 #define KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED
57 #endif
58
59 #ifdef _WIN32
60 #define KRB5_CALLCONV __stdcall
61 #define KRB5_LIB_CALL __stdcall
62 #else
63 #define KRB5_CALLCONV
64 #define KRB5_LIB_CALL
65 #endif
66
67 /* simple constants */
68
69 #ifndef TRUE
70 #define TRUE 1
71 #define FALSE 0
72 #endif
73
74 typedef int krb5_boolean;
75
76 typedef int32_t krb5_error_code;
77
78 typedef int32_t krb5_kvno;
79
80 typedef uint32_t krb5_flags;
81
82 typedef void *krb5_pointer;
83 typedef const void *krb5_const_pointer;
84
85 struct krb5_crypto_data;
86 typedef struct krb5_crypto_data *krb5_crypto;
87
88 struct krb5_get_creds_opt_data;
89 typedef struct krb5_get_creds_opt_data *krb5_get_creds_opt;
90
91 struct krb5_digest_data;
92 typedef struct krb5_digest_data *krb5_digest;
93 struct krb5_ntlm_data;
94 typedef struct krb5_ntlm_data *krb5_ntlm;
95
96 struct krb5_pac_data;
97 typedef struct krb5_pac_data *krb5_pac;
98
99 typedef struct krb5_rd_req_in_ctx_data *krb5_rd_req_in_ctx;
100 typedef struct krb5_rd_req_out_ctx_data *krb5_rd_req_out_ctx;
101
102 typedef CKSUMTYPE krb5_cksumtype;
103
104 typedef Checksum krb5_checksum;
105
106 typedef ENCTYPE krb5_enctype;
107
108 typedef struct krb5_get_init_creds_ctx *krb5_init_creds_context;
109
110 typedef heim_octet_string krb5_data;
111
112 /* PKINIT related forward declarations */
113 struct ContentInfo;
114 struct krb5_pk_identity;
115 struct krb5_pk_cert;
116
117 /* krb5_enc_data is a mit compat structure */
118 typedef struct krb5_enc_data {
119 krb5_enctype enctype;
120 krb5_kvno kvno;
121 krb5_data ciphertext;
122 } krb5_enc_data;
123
124 /* alternative names */
125 #define ENCTYPE_NULL KRB5_ENCTYPE_NULL
126 #define ENCTYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC
127 #define ENCTYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4
128 #define ENCTYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5
129 #define ENCTYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5
130 #define ENCTYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1
131 #define ENCTYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE
132 #define ENCTYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV
133 #define ENCTYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB
134 #define ENCTYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1
135 #define ENCTYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96
136 #define ENCTYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96
137 #define ENCTYPE_ARCFOUR_HMAC KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
138 #define ENCTYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
139 #define ENCTYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56
140 #define ENCTYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS
141 #define ENCTYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE
142 #define ENCTYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE
143 #define ENCTYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE
144 #define ENCTYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE
145 #define ETYPE_NULL KRB5_ENCTYPE_NULL
146 #define ETYPE_DES_CBC_CRC KRB5_ENCTYPE_DES_CBC_CRC
147 #define ETYPE_DES_CBC_MD4 KRB5_ENCTYPE_DES_CBC_MD4
148 #define ETYPE_DES_CBC_MD5 KRB5_ENCTYPE_DES_CBC_MD5
149 #define ETYPE_DES3_CBC_MD5 KRB5_ENCTYPE_DES3_CBC_MD5
150 #define ETYPE_OLD_DES3_CBC_SHA1 KRB5_ENCTYPE_OLD_DES3_CBC_SHA1
151 #define ETYPE_SIGN_DSA_GENERATE KRB5_ENCTYPE_SIGN_DSA_GENERATE
152 #define ETYPE_ENCRYPT_RSA_PRIV KRB5_ENCTYPE_ENCRYPT_RSA_PRIV
153 #define ETYPE_ENCRYPT_RSA_PUB KRB5_ENCTYPE_ENCRYPT_RSA_PUB
154 #define ETYPE_DES3_CBC_SHA1 KRB5_ENCTYPE_DES3_CBC_SHA1
155 #define ETYPE_AES128_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA1_96
156 #define ETYPE_AES256_CTS_HMAC_SHA1_96 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA1_96
157 #define ETYPE_AES128_CTS_HMAC_SHA256_128 KRB5_ENCTYPE_AES128_CTS_HMAC_SHA256_128
158 #define ETYPE_AES256_CTS_HMAC_SHA384_192 KRB5_ENCTYPE_AES256_CTS_HMAC_SHA384_192
159 #define ETYPE_ARCFOUR_HMAC_MD5 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5
160 #define ETYPE_ARCFOUR_HMAC_MD5_56 KRB5_ENCTYPE_ARCFOUR_HMAC_MD5_56
161 #define ETYPE_ENCTYPE_PK_CROSS KRB5_ENCTYPE_ENCTYPE_PK_CROSS
162 #define ETYPE_ARCFOUR_MD4 KRB5_ENCTYPE_ARCFOUR_MD4
163 #define ETYPE_ARCFOUR_HMAC_OLD KRB5_ENCTYPE_ARCFOUR_HMAC_OLD
164 #define ETYPE_ARCFOUR_HMAC_OLD_EXP KRB5_ENCTYPE_ARCFOUR_HMAC_OLD_EXP
165 #define ETYPE_DES_CBC_NONE KRB5_ENCTYPE_DES_CBC_NONE
166 #define ETYPE_DES3_CBC_NONE KRB5_ENCTYPE_DES3_CBC_NONE
167 #define ETYPE_DES_CFB64_NONE KRB5_ENCTYPE_DES_CFB64_NONE
168 #define ETYPE_DES_PCBC_NONE KRB5_ENCTYPE_DES_PCBC_NONE
169 #define ETYPE_DIGEST_MD5_NONE KRB5_ENCTYPE_DIGEST_MD5_NONE
170 #define ETYPE_CRAM_MD5_NONE KRB5_ENCTYPE_CRAM_MD5_NONE
171 #define DOMAIN_X500_COMPRESS domain_X500_compress
172
173 /* PDU types */
174 typedef enum krb5_pdu {
175 KRB5_PDU_ERROR = 0,
176 KRB5_PDU_TICKET = 1,
177 KRB5_PDU_AS_REQUEST = 2,
178 KRB5_PDU_AS_REPLY = 3,
179 KRB5_PDU_TGS_REQUEST = 4,
180 KRB5_PDU_TGS_REPLY = 5,
181 KRB5_PDU_AP_REQUEST = 6,
182 KRB5_PDU_AP_REPLY = 7,
183 KRB5_PDU_KRB_SAFE = 8,
184 KRB5_PDU_KRB_PRIV = 9,
185 KRB5_PDU_KRB_CRED = 10,
186 KRB5_PDU_NONE = 11 /* See krb5_get_permitted_enctypes() */
187 } krb5_pdu;
188
189 typedef PADATA_TYPE krb5_preauthtype;
190
191 typedef enum krb5_key_usage {
192 KRB5_KU_PA_ENC_TIMESTAMP = 1,
193 /* AS-REQ PA-ENC-TIMESTAMP padata timestamp, encrypted with the
194 client key (section 5.4.1) */
195 KRB5_KU_TICKET = 2,
196 /* AS-REP Ticket and TGS-REP Ticket (includes tgs session key or
197 application session key), encrypted with the service key
198 (section 5.4.2) */
199 KRB5_KU_AS_REP_ENC_PART = 3,
200 /* AS-REP encrypted part (includes tgs session key or application
201 session key), encrypted with the client key (section 5.4.2) */
202 KRB5_KU_TGS_REQ_AUTH_DAT_SESSION = 4,
203 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
204 session key (section 5.4.1) */
205 KRB5_KU_TGS_REQ_AUTH_DAT_SUBKEY = 5,
206 /* TGS-REQ KDC-REQ-BODY AuthorizationData, encrypted with the tgs
207 authenticator subkey (section 5.4.1) */
208 KRB5_KU_TGS_REQ_AUTH_CKSUM = 6,
209 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator cksum, keyed
210 with the tgs session key (sections 5.3.2, 5.4.1) */
211 KRB5_KU_TGS_REQ_AUTH = 7,
212 /* TGS-REQ PA-TGS-REQ padata AP-REQ Authenticator (includes tgs
213 authenticator subkey), encrypted with the tgs session key
214 (section 5.3.2) */
215 KRB5_KU_TGS_REP_ENC_PART_SESSION = 8,
216 /* TGS-REP encrypted part (includes application session key),
217 encrypted with the tgs session key (section 5.4.2) */
218 KRB5_KU_TGS_REP_ENC_PART_SUB_KEY = 9,
219 /* TGS-REP encrypted part (includes application session key),
220 encrypted with the tgs authenticator subkey (section 5.4.2) */
221 KRB5_KU_AP_REQ_AUTH_CKSUM = 10,
222 /* AP-REQ Authenticator cksum, keyed with the application session
223 key (section 5.3.2) */
224 KRB5_KU_AP_REQ_AUTH = 11,
225 /* AP-REQ Authenticator (includes application authenticator
226 subkey), encrypted with the application session key (section
227 5.3.2) */
228 KRB5_KU_AP_REQ_ENC_PART = 12,
229 /* AP-REP encrypted part (includes application session subkey),
230 encrypted with the application session key (section 5.5.2) */
231 KRB5_KU_KRB_PRIV = 13,
232 /* KRB-PRIV encrypted part, encrypted with a key chosen by the
233 application (section 5.7.1) */
234 KRB5_KU_KRB_CRED = 14,
235 /* KRB-CRED encrypted part, encrypted with a key chosen by the
236 application (section 5.8.1) */
237 KRB5_KU_KRB_SAFE_CKSUM = 15,
238 /* KRB-SAFE cksum, keyed with a key chosen by the application
239 (section 5.6.1) */
240 KRB5_KU_OTHER_ENCRYPTED = 16,
241 /* Data which is defined in some specification outside of
242 Kerberos to be encrypted using an RFC1510 encryption type. */
243 KRB5_KU_OTHER_CKSUM = 17,
244 /* Data which is defined in some specification outside of
245 Kerberos to be checksummed using an RFC1510 checksum type. */
246 KRB5_KU_KRB_ERROR = 18,
247 /* Krb-error checksum */
248 KRB5_KU_AD_KDC_ISSUED = 19,
249 /* AD-KDCIssued checksum */
250 KRB5_KU_MANDATORY_TICKET_EXTENSION = 20,
251 /* Checksum for Mandatory Ticket Extensions */
252 KRB5_KU_AUTH_DATA_TICKET_EXTENSION = 21,
253 /* Checksum in Authorization Data in Ticket Extensions */
254 KRB5_KU_USAGE_SEAL = 22,
255 /* seal in GSSAPI krb5 mechanism */
256 KRB5_KU_USAGE_SIGN = 23,
257 /* sign in GSSAPI krb5 mechanism */
258 KRB5_KU_USAGE_SEQ = 24,
259 /* SEQ in GSSAPI krb5 mechanism */
260 KRB5_KU_USAGE_ACCEPTOR_SEAL = 22,
261 /* acceptor sign in GSSAPI CFX krb5 mechanism */
262 KRB5_KU_USAGE_ACCEPTOR_SIGN = 23,
263 /* acceptor seal in GSSAPI CFX krb5 mechanism */
264 KRB5_KU_USAGE_INITIATOR_SEAL = 24,
265 /* initiator sign in GSSAPI CFX krb5 mechanism */
266 KRB5_KU_USAGE_INITIATOR_SIGN = 25,
267 /* initiator seal in GSSAPI CFX krb5 mechanism */
268 KRB5_KU_PA_SERVER_REFERRAL_DATA = 22,
269 /* encrypted server referral data */
270 KRB5_KU_SAM_CHECKSUM = 25,
271 /* Checksum for the SAM-CHECKSUM field */
272 KRB5_KU_SAM_ENC_TRACK_ID = 26,
273 /* Encryption of the SAM-TRACK-ID field */
274 KRB5_KU_PA_SERVER_REFERRAL = 26,
275 /* Keyusage for the server referral in a TGS req */
276 KRB5_KU_SAM_ENC_NONCE_SAD = 27,
277 /* Encryption of the SAM-NONCE-OR-SAD field */
278 KRB5_KU_PA_PKINIT_KX = 44,
279 /* Encryption type of the kdc session contribution in pk-init */
280 KRB5_KU_AS_REQ = 56,
281 /* Checksum of over the AS-REQ send by the KDC in PA-REQ-ENC-PA-REP */
282 KRB5_KU_FAST_REQ_CHKSUM = 50,
283 /* FAST armor checksum */
284 KRB5_KU_FAST_ENC = 51,
285 /* FAST armor encryption */
286 KRB5_KU_FAST_REP = 52,
287 /* FAST armor reply */
288 KRB5_KU_FAST_FINISHED = 53,
289 /* FAST finished checksum */
290 KRB5_KU_ENC_CHALLENGE_CLIENT = 54,
291 /* fast challenge from client */
292 KRB5_KU_ENC_CHALLENGE_KDC = 55,
293 /* fast challenge from kdc */
294 KRB5_KU_DIGEST_ENCRYPT = -18,
295 /* Encryption key usage used in the digest encryption field */
296 KRB5_KU_DIGEST_OPAQUE = -19,
297 /* Checksum key usage used in the digest opaque field */
298 KRB5_KU_KRB5SIGNEDPATH = -21,
299 /* Checksum key usage on KRB5SignedPath */
300 KRB5_KU_CANONICALIZED_NAMES = -23,
301 /* Checksum key usage on PA-CANONICALIZED */
302 KRB5_KU_H5L_COOKIE = -25
303 /* encrypted foo */
304 } krb5_key_usage;
305
306 typedef krb5_key_usage krb5_keyusage;
307
308 typedef enum krb5_salttype {
309 KRB5_PW_SALT = KRB5_PADATA_PW_SALT,
310 KRB5_AFS3_SALT = KRB5_PADATA_AFS3_SALT
311 }krb5_salttype;
312
313 typedef struct krb5_salt {
314 krb5_salttype salttype;
315 krb5_data saltvalue;
316 } krb5_salt;
317
318 typedef ETYPE_INFO krb5_preauthinfo;
319
320 typedef struct {
321 krb5_preauthtype type;
322 krb5_preauthinfo info; /* list of preauthinfo for this type */
323 } krb5_preauthdata_entry;
324
325 typedef struct krb5_preauthdata {
326 unsigned len;
327 krb5_preauthdata_entry *val;
328 }krb5_preauthdata;
329
330 typedef enum krb5_address_type {
331 KRB5_ADDRESS_INET = 2,
332 KRB5_ADDRESS_NETBIOS = 20,
333 KRB5_ADDRESS_INET6 = 24,
334 KRB5_ADDRESS_ADDRPORT = 256,
335 KRB5_ADDRESS_IPPORT = 257
336 } krb5_address_type;
337
338 enum {
339 AP_OPTS_USE_SESSION_KEY = 1,
340 AP_OPTS_MUTUAL_REQUIRED = 2,
341 AP_OPTS_USE_SUBKEY = 4 /* library internal */
342 };
343
344 typedef HostAddress krb5_address;
345
346 typedef HostAddresses krb5_addresses;
347
348 typedef krb5_enctype krb5_keytype;
349
350 enum krb5_keytype_old {
351 KEYTYPE_NULL = ETYPE_NULL,
352 KEYTYPE_DES = ETYPE_DES_CBC_CRC,
353 KEYTYPE_DES3 = ETYPE_OLD_DES3_CBC_SHA1,
354 KEYTYPE_AES128 = ETYPE_AES128_CTS_HMAC_SHA1_96,
355 KEYTYPE_AES256 = ETYPE_AES256_CTS_HMAC_SHA1_96,
356 KEYTYPE_ARCFOUR = ETYPE_ARCFOUR_HMAC_MD5,
357 KEYTYPE_ARCFOUR_56 = ETYPE_ARCFOUR_HMAC_MD5_56
358 };
359
360 typedef EncryptionKey krb5_keyblock;
361
362 typedef AP_REQ krb5_ap_req;
363
364 struct krb5_cc_ops;
365
366 #define KRB5_DEFAULT_CCFILE_ROOT "%{TEMP}/krb5cc_"
367
368 #define KRB5_DEFAULT_CCROOT "FILE:" KRB5_DEFAULT_CCFILE_ROOT
369
370 #define KRB5_ACCEPT_NULL_ADDRESSES(C) \
371 krb5_config_get_bool_default((C), NULL, TRUE, \
372 "libdefaults", "accept_null_addresses", \
373 NULL)
374
375 typedef void *krb5_cc_cursor;
376 typedef struct krb5_cccol_cursor_data *krb5_cccol_cursor;
377
378 typedef struct krb5_ccache_data {
379 const struct krb5_cc_ops *ops;
380 krb5_data data;
381 unsigned int cc_initialized:1; /* if 1: krb5_cc_initialize() called */
382 unsigned int cc_need_start_realm:1;
383 unsigned int cc_start_tgt_stored:1;
384 unsigned int cc_kx509_done:1;
385 }krb5_ccache_data;
386
387 typedef struct krb5_ccache_data *krb5_ccache;
388
389 typedef struct krb5_context_data *krb5_context;
390
391 typedef Realm krb5_realm;
392 typedef const char *krb5_const_realm; /* stupid language */
393
394 #define krb5_realm_length(r) strlen(r)
395 #define krb5_realm_data(r) (r)
396
397 typedef Principal krb5_principal_data;
398 typedef struct Principal *krb5_principal;
399 typedef const struct Principal *krb5_const_principal;
400 typedef struct Principals *krb5_principals;
401
402 typedef time_t krb5_deltat;
403 typedef time_t krb5_timestamp;
404
405 typedef struct krb5_times {
406 krb5_timestamp authtime;
407 krb5_timestamp starttime;
408 krb5_timestamp endtime;
409 krb5_timestamp renew_till;
410 } krb5_times;
411
412 typedef union {
413 TicketFlags b;
414 krb5_flags i;
415 } krb5_ticket_flags;
416
417 /* options for krb5_get_in_tkt() */
418 #define KDC_OPT_FORWARDABLE (1 << 1)
419 #define KDC_OPT_FORWARDED (1 << 2)
420 #define KDC_OPT_PROXIABLE (1 << 3)
421 #define KDC_OPT_PROXY (1 << 4)
422 #define KDC_OPT_ALLOW_POSTDATE (1 << 5)
423 #define KDC_OPT_POSTDATED (1 << 6)
424 #define KDC_OPT_RENEWABLE (1 << 8)
425 #define KDC_OPT_REQUEST_ANONYMOUS (1 << 14)
426 #define KDC_OPT_DISABLE_TRANSITED_CHECK (1 << 26)
427 #define KDC_OPT_RENEWABLE_OK (1 << 27)
428 #define KDC_OPT_ENC_TKT_IN_SKEY (1 << 28)
429 #define KDC_OPT_RENEW (1 << 30)
430 #define KDC_OPT_VALIDATE (1 << 31)
431
432 typedef union {
433 KDCOptions b;
434 krb5_flags i;
435 } krb5_kdc_flags;
436
437 /* flags for krb5_verify_ap_req */
438
439 #define KRB5_VERIFY_AP_REQ_IGNORE_INVALID (1 << 0)
440 #define KRB5_VERIFY_AP_REQ_IGNORE_ADDRS (1 << 1)
441
442 #define KRB5_GC_CACHED (1U << 0)
443 #define KRB5_GC_USER_USER (1U << 1)
444 #define KRB5_GC_EXPIRED_OK (1U << 2)
445 #define KRB5_GC_NO_STORE (1U << 3)
446 #define KRB5_GC_FORWARDABLE (1U << 4)
447 #define KRB5_GC_NO_TRANSIT_CHECK (1U << 5)
448 #define KRB5_GC_CONSTRAINED_DELEGATION (1U << 6)
449 #define KRB5_GC_CANONICALIZE (1U << 7)
450 #define KRB5_GC_ANONYMOUS (1U << 8)
451
452 /* constants for compare_creds (and cc_retrieve_cred) */
453 #define KRB5_TC_DONT_MATCH_REALM (1U << 31)
454 #define KRB5_TC_MATCH_KEYTYPE (1U << 30)
455 #define KRB5_TC_MATCH_KTYPE KRB5_TC_MATCH_KEYTYPE /* MIT name */
456 #define KRB5_TC_MATCH_SRV_NAMEONLY (1 << 29)
457 #define KRB5_TC_MATCH_FLAGS_EXACT (1 << 28)
458 #define KRB5_TC_MATCH_FLAGS (1 << 27)
459 #define KRB5_TC_MATCH_TIMES_EXACT (1 << 26)
460 #define KRB5_TC_MATCH_TIMES (1 << 25)
461 #define KRB5_TC_MATCH_AUTHDATA (1 << 24)
462 #define KRB5_TC_MATCH_2ND_TKT (1 << 23)
463 #define KRB5_TC_MATCH_IS_SKEY (1 << 22)
464
465 /* constants for get_flags and set_flags */
466 #define KRB5_TC_OPENCLOSE 0x00000001
467 #define KRB5_TC_NOTICKET 0x00000002
468
469 typedef AuthorizationData krb5_authdata;
470
471 typedef KRB_ERROR krb5_error;
472
473 typedef struct krb5_creds {
474 krb5_principal client;
475 krb5_principal server;
476 krb5_keyblock session;
477 krb5_times times;
478 krb5_data ticket;
479 krb5_data second_ticket;
480 krb5_authdata authdata;
481 krb5_addresses addresses;
482 krb5_ticket_flags flags;
483 } krb5_creds;
484
485 typedef struct krb5_cc_cache_cursor_data *krb5_cc_cache_cursor;
486
487 #define KRB5_CC_OPS_VERSION_0 0
488 #define KRB5_CC_OPS_VERSION_1 1
489 #define KRB5_CC_OPS_VERSION_2 2
490 #define KRB5_CC_OPS_VERSION_3 3
491 #define KRB5_CC_OPS_VERSION_5 5
492
493 /* Only extend the structure. Do not change signatures. */
494 typedef struct krb5_cc_ops {
495 /* Version 0 */
496 int version;
497 const char *prefix;
498 const char* (KRB5_CALLCONV * get_name)(krb5_context, krb5_ccache);
499 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, krb5_ccache *, const char *);
500 krb5_error_code (KRB5_CALLCONV * gen_new)(krb5_context, krb5_ccache *);
501 krb5_error_code (KRB5_CALLCONV * init)(krb5_context, krb5_ccache, krb5_principal);
502 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_ccache);
503 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_ccache);
504 krb5_error_code (KRB5_CALLCONV * store)(krb5_context, krb5_ccache, krb5_creds*);
505 krb5_error_code (KRB5_CALLCONV * retrieve)(krb5_context, krb5_ccache,
506 krb5_flags, const krb5_creds*, krb5_creds *);
507 krb5_error_code (KRB5_CALLCONV * get_princ)(krb5_context, krb5_ccache, krb5_principal*);
508 krb5_error_code (KRB5_CALLCONV * get_first)(krb5_context, krb5_ccache, krb5_cc_cursor *);
509 krb5_error_code (KRB5_CALLCONV * get_next)(krb5_context, krb5_ccache,
510 krb5_cc_cursor*, krb5_creds*);
511 krb5_error_code (KRB5_CALLCONV * end_get)(krb5_context, krb5_ccache, krb5_cc_cursor*);
512 krb5_error_code (KRB5_CALLCONV * remove_cred)(krb5_context, krb5_ccache,
513 krb5_flags, krb5_creds*);
514 krb5_error_code (KRB5_CALLCONV * set_flags)(krb5_context, krb5_ccache, krb5_flags);
515 int (KRB5_CALLCONV * get_version)(krb5_context, krb5_ccache);
516 krb5_error_code (KRB5_CALLCONV * get_cache_first)(krb5_context, krb5_cc_cursor *);
517 krb5_error_code (KRB5_CALLCONV * get_cache_next)(krb5_context, krb5_cc_cursor,
518 krb5_ccache *);
519 krb5_error_code (KRB5_CALLCONV * end_cache_get)(krb5_context, krb5_cc_cursor);
520 krb5_error_code (KRB5_CALLCONV * move)(krb5_context, krb5_ccache, krb5_ccache);
521 krb5_error_code (KRB5_CALLCONV * get_default_name)(krb5_context, char **);
522 /* Version 1 */
523 krb5_error_code (KRB5_CALLCONV * set_default)(krb5_context, krb5_ccache);
524 /* Version 2 */
525 krb5_error_code (KRB5_CALLCONV * lastchange)(krb5_context, krb5_ccache, krb5_timestamp *);
526 /* Version 3 */
527 krb5_error_code (KRB5_CALLCONV * set_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat);
528 krb5_error_code (KRB5_CALLCONV * get_kdc_offset)(krb5_context, krb5_ccache, krb5_deltat *);
529 /* Version 5 */
530 krb5_error_code (KRB5_CALLCONV * get_name_2)(krb5_context, krb5_ccache,
531 const char **id, const char **res,
532 const char **sub);
533 krb5_error_code (KRB5_CALLCONV * resolve_2)(krb5_context, krb5_ccache *id, const char *res,
534 const char *sub);
535 /* Add new functions here for versions 6 and above */
536 } krb5_cc_ops;
537
538 /*
539 * krb5_config_binding is identical to struct heim_config_binding
540 * within heimbase.h. Its format is public and used by callers of
541 * krb5_config_get_list() and krb5_config_vget_list().
542 */
543 enum krb5_config_type {
544 krb5_config_string,
545 krb5_config_list,
546 };
547 struct krb5_config_binding {
548 enum krb5_config_type type;
549 char *name;
550 struct krb5_config_binding *next;
551 union {
552 char *string;
553 struct krb5_config_binding *list;
554 void *generic;
555 } u;
556 };
557
558 typedef struct krb5_config_binding krb5_config_binding;
559 typedef krb5_config_binding krb5_config_section;
560
561 typedef struct krb5_ticket {
562 EncTicketPart ticket;
563 krb5_principal client;
564 krb5_principal server;
565 } krb5_ticket;
566
567 typedef Authenticator krb5_authenticator_data;
568
569 typedef krb5_authenticator_data *krb5_authenticator;
570
571 struct krb5_rcache_data;
572 typedef struct krb5_rcache_data *krb5_rcache;
573 typedef Authenticator krb5_donot_replay;
574
575 #define KRB5_STORAGE_HOST_BYTEORDER 0x01 /* old */
576 #define KRB5_STORAGE_PRINCIPAL_WRONG_NUM_COMPONENTS 0x02
577 #define KRB5_STORAGE_PRINCIPAL_NO_NAME_TYPE 0x04
578 #define KRB5_STORAGE_KEYBLOCK_KEYTYPE_TWICE 0x08
579 #define KRB5_STORAGE_BYTEORDER_MASK 0x70
580 #define KRB5_STORAGE_BYTEORDER_BE 0x00 /* default */
581 #define KRB5_STORAGE_BYTEORDER_PACKED 0x10
582 #define KRB5_STORAGE_BYTEORDER_LE 0x20
583 #define KRB5_STORAGE_BYTEORDER_HOST 0x40
584 #define KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 0x80
585
586 struct krb5_storage_data;
587 typedef struct krb5_storage_data krb5_storage;
588
589 typedef struct krb5_keytab_entry {
590 krb5_principal principal;
591 krb5_kvno vno;
592 krb5_keyblock keyblock;
593 uint32_t timestamp;
594 uint32_t flags;
595 krb5_principals aliases;
596 } krb5_keytab_entry;
597
598 typedef struct krb5_kt_cursor {
599 int fd;
600 krb5_storage *sp;
601 void *data;
602 } krb5_kt_cursor;
603
604 struct krb5_keytab_data;
605
606 typedef struct krb5_keytab_data *krb5_keytab;
607
608 #define KRB5_KT_PREFIX_MAX_LEN 30
609
610 struct krb5_keytab_data {
611 const char *prefix;
612 krb5_error_code (KRB5_CALLCONV * resolve)(krb5_context, const char*, krb5_keytab);
613 krb5_error_code (KRB5_CALLCONV * get_name)(krb5_context, krb5_keytab, char*, size_t);
614 krb5_error_code (KRB5_CALLCONV * close)(krb5_context, krb5_keytab);
615 krb5_error_code (KRB5_CALLCONV * destroy)(krb5_context, krb5_keytab);
616 krb5_error_code (KRB5_CALLCONV * get)(krb5_context, krb5_keytab, krb5_const_principal,
617 krb5_kvno, krb5_enctype, krb5_keytab_entry*);
618 krb5_error_code (KRB5_CALLCONV * start_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
619 krb5_error_code (KRB5_CALLCONV * next_entry)(krb5_context, krb5_keytab,
620 krb5_keytab_entry*, krb5_kt_cursor*);
621 krb5_error_code (KRB5_CALLCONV * end_seq_get)(krb5_context, krb5_keytab, krb5_kt_cursor*);
622 krb5_error_code (KRB5_CALLCONV * add)(krb5_context, krb5_keytab, krb5_keytab_entry*);
623 krb5_error_code (KRB5_CALLCONV * remove)(krb5_context, krb5_keytab, krb5_keytab_entry*);
624 void *data;
625 int32_t version;
626 };
627
628 typedef struct krb5_keytab_data krb5_kt_ops;
629
630 struct krb5_keytab_key_proc_args {
631 krb5_keytab keytab;
632 krb5_principal principal;
633 };
634
635 typedef struct krb5_keytab_key_proc_args krb5_keytab_key_proc_args;
636
637 typedef struct krb5_replay_data {
638 krb5_timestamp timestamp;
639 int32_t usec;
640 uint32_t seq;
641 } krb5_replay_data;
642
643 /* flags for krb5_auth_con_setflags */
644 enum {
645 KRB5_AUTH_CONTEXT_DO_TIME = 1,
646 KRB5_AUTH_CONTEXT_RET_TIME = 2,
647 KRB5_AUTH_CONTEXT_DO_SEQUENCE = 4,
648 KRB5_AUTH_CONTEXT_RET_SEQUENCE = 8,
649 KRB5_AUTH_CONTEXT_PERMIT_ALL = 16,
650 KRB5_AUTH_CONTEXT_USE_SUBKEY = 32,
651 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED = 64
652 };
653
654 /* flags for krb5_auth_con_genaddrs */
655 enum {
656 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_ADDR = 1,
657 KRB5_AUTH_CONTEXT_GENERATE_LOCAL_FULL_ADDR = 3,
658 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_ADDR = 4,
659 KRB5_AUTH_CONTEXT_GENERATE_REMOTE_FULL_ADDR = 12
660 };
661
662 typedef struct krb5_auth_context_data {
663 unsigned int flags;
664
665 krb5_address *local_address;
666 krb5_address *remote_address;
667 int16_t local_port;
668 int16_t remote_port;
669 krb5_keyblock *keyblock;
670 krb5_keyblock *local_subkey;
671 krb5_keyblock *remote_subkey;
672
673 uint32_t local_seqnumber;
674 uint32_t remote_seqnumber;
675
676 krb5_authenticator authenticator;
677
678 krb5_pointer i_vector;
679
680 krb5_rcache rcache;
681
682 krb5_keytype keytype; /* ¿requested key type ? */
683 krb5_cksumtype cksumtype; /* ¡requested checksum type! */
684
685 AuthorizationData *auth_data;
686
687 }krb5_auth_context_data, *krb5_auth_context;
688
689 typedef struct {
690 KDC_REP kdc_rep;
691 EncKDCRepPart enc_part;
692 KRB_ERROR error;
693 } krb5_kdc_rep;
694
695 extern const char *heimdal_version, *heimdal_long_version;
696
697 typedef void (KRB5_CALLCONV * krb5_log_log_func_t)(krb5_context,
698 const char*,
699 const char*,
700 void*);
701 typedef void (KRB5_CALLCONV * krb5_log_close_func_t)(void*);
702
703 typedef struct heim_log_facility_s krb5_log_facility;
704
705 typedef EncAPRepPart krb5_ap_rep_enc_part;
706
707 #define KRB5_RECVAUTH_IGNORE_VERSION 1
708
709 #define KRB5_SENDAUTH_VERSION "KRB5_SENDAUTH_V1.0"
710
711 #define KRB5_TGS_NAME_SIZE (6)
712 #define KRB5_TGS_NAME ("krbtgt")
713 #define KRB5_WELLKNOWN_NAME ("WELLKNOWN")
714 #define KRB5_ANON_NAME ("ANONYMOUS")
715 #define KRB5_ANON_REALM ("WELLKNOWN:ANONYMOUS")
716 #define KRB5_FEDERATED_NAME ("FEDERATED")
717 #define KRB5_FEDERATED_REALM ("WELLKNOWN:FEDERATED")
718 #define KRB5_WELLKNOWN_ORG_H5L_REALM ("WELLKNOWN:ORG.H5L")
719 #define KRB5_DIGEST_NAME ("digest")
720
721 #define KRB5_PKU2U_REALM_NAME ("WELLKNOWN:PKU2U")
722 #define KRB5_LKDC_REALM_NAME ("WELLKNOWN:COM.APPLE.LKDC")
723
724 #define KRB5_GSS_HOSTBASED_SERVICE_NAME ("WELLKNOWN:ORG.H5L.HOSTBASED-SERVICE")
725 #define KRB5_GSS_REFERALS_REALM_NAME ("WELLKNOWN:ORG.H5L.REFERALS-REALM")
726
727 typedef enum {
728 KRB5_PROMPT_TYPE_PASSWORD = 0x1,
729 KRB5_PROMPT_TYPE_NEW_PASSWORD = 0x2,
730 KRB5_PROMPT_TYPE_NEW_PASSWORD_AGAIN = 0x3,
731 KRB5_PROMPT_TYPE_PREAUTH = 0x4,
732 KRB5_PROMPT_TYPE_INFO = 0x5
733 } krb5_prompt_type;
734
735 typedef struct _krb5_prompt {
736 const char *prompt;
737 int hidden;
738 krb5_data *reply;
739 krb5_prompt_type type;
740 } krb5_prompt;
741
742 typedef int (KRB5_CALLCONV * krb5_prompter_fct)(krb5_context /*context*/,
743 void * /*data*/,
744 const char * /*name*/,
745 const char * /*banner*/,
746 int /*num_prompts*/,
747 krb5_prompt /*prompts*/[]);
748 typedef krb5_error_code (KRB5_CALLCONV * krb5_key_proc)(krb5_context /*context*/,
749 krb5_enctype /*type*/,
750 krb5_salt /*salt*/,
751 krb5_const_pointer /*keyseed*/,
752 krb5_keyblock ** /*key*/);
753 typedef krb5_error_code (KRB5_CALLCONV * krb5_decrypt_proc)(krb5_context /*context*/,
754 krb5_keyblock * /*key*/,
755 krb5_key_usage /*usage*/,
756 krb5_const_pointer /*decrypt_arg*/,
757 krb5_kdc_rep * /*dec_rep*/);
758 typedef krb5_error_code (KRB5_CALLCONV * krb5_s2k_proc)(krb5_context /*context*/,
759 krb5_enctype /*type*/,
760 krb5_const_pointer /*keyseed*/,
761 krb5_salt /*salt*/,
762 krb5_data * /*s2kparms*/,
763 krb5_keyblock ** /*key*/);
764
765 struct _krb5_get_init_creds_opt_private;
766
767 struct _krb5_get_init_creds_opt {
768 krb5_flags flags;
769 krb5_deltat tkt_life;
770 krb5_deltat renew_life;
771 int forwardable;
772 int proxiable;
773 int anonymous;
774 int change_password_prompt;
775 krb5_enctype *etype_list;
776 int etype_list_length;
777 krb5_addresses *address_list;
778 /* XXX the next three should not be used, as they may be
779 removed later */
780 krb5_preauthtype *preauth_list;
781 int preauth_list_length;
782 krb5_data *salt;
783 struct _krb5_get_init_creds_opt_private *opt_private;
784 };
785
786 typedef struct _krb5_get_init_creds_opt krb5_get_init_creds_opt;
787
788 #define KRB5_GET_INIT_CREDS_OPT_TKT_LIFE 0x0001
789 #define KRB5_GET_INIT_CREDS_OPT_RENEW_LIFE 0x0002
790 #define KRB5_GET_INIT_CREDS_OPT_FORWARDABLE 0x0004
791 #define KRB5_GET_INIT_CREDS_OPT_PROXIABLE 0x0008
792 #define KRB5_GET_INIT_CREDS_OPT_ETYPE_LIST 0x0010
793 #define KRB5_GET_INIT_CREDS_OPT_ADDRESS_LIST 0x0020
794 #define KRB5_GET_INIT_CREDS_OPT_PREAUTH_LIST 0x0040
795 #define KRB5_GET_INIT_CREDS_OPT_SALT 0x0080 /* no supported */
796 #define KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 0x0100
797 #define KRB5_GET_INIT_CREDS_OPT_DISABLE_TRANSITED_CHECK 0x0200
798 #define KRB5_GET_INIT_CREDS_OPT_CHANGE_PASSWORD_PROMPT 0x0400
799
800 /* krb5_init_creds_step flags argument */
801 #define KRB5_INIT_CREDS_STEP_FLAG_CONTINUE 0x0001
802
803 typedef struct _krb5_verify_init_creds_opt {
804 krb5_flags flags;
805 int ap_req_nofail;
806 } krb5_verify_init_creds_opt;
807
808 #define KRB5_VERIFY_INIT_CREDS_OPT_AP_REQ_NOFAIL 0x0001
809
810 typedef struct krb5_verify_opt {
811 unsigned int flags;
812 krb5_ccache ccache;
813 krb5_keytab keytab;
814 krb5_boolean secure;
815 const char *service;
816 } krb5_verify_opt;
817
818 #define KRB5_VERIFY_LREALMS 1
819 #define KRB5_VERIFY_NO_ADDRESSES 2
820
821 #define KRB5_KPASSWD_VERS_CHANGEPW 1
822 #define KRB5_KPASSWD_VERS_SETPW 0xff80
823
824 #define KRB5_KPASSWD_SUCCESS 0
825 #define KRB5_KPASSWD_MALFORMED 1
826 #define KRB5_KPASSWD_HARDERROR 2
827 #define KRB5_KPASSWD_AUTHERROR 3
828 #define KRB5_KPASSWD_SOFTERROR 4
829 #define KRB5_KPASSWD_ACCESSDENIED 5
830 #define KRB5_KPASSWD_BAD_VERSION 6
831 #define KRB5_KPASSWD_INITIAL_FLAG_NEEDED 7
832
833 #define KPASSWD_PORT 464
834
835 /* types for the new krbhst interface */
836 struct krb5_krbhst_data;
837 typedef struct krb5_krbhst_data *krb5_krbhst_handle;
838
839 #define KRB5_KRBHST_KDC 1
840 #define KRB5_KRBHST_ADMIN 2
841 #define KRB5_KRBHST_CHANGEPW 3
842 #define KRB5_KRBHST_KRB524 4
843 #define KRB5_KRBHST_KCA 5
844 #define KRB5_KRBHST_READONLY_ADMIN 6
845 #define KRB5_KRBHST_TKTBRIDGEAP 7
846
847 typedef struct krb5_krbhst_info {
848 enum { KRB5_KRBHST_UDP,
849 KRB5_KRBHST_TCP,
850 KRB5_KRBHST_HTTP } proto;
851 unsigned short port;
852 unsigned short def_port;
853 struct addrinfo *ai;
854 struct krb5_krbhst_info *next;
855 char hostname[1]; /* has to come last */
856 } krb5_krbhst_info;
857
858 /* flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags) */
859 enum {
860 KRB5_KRBHST_FLAGS_MASTER = 1,
861 KRB5_KRBHST_FLAGS_LARGE_MSG = 2
862 };
863
864 typedef krb5_error_code (*krb5_sendto_prexmit)(krb5_context, int, void *, int, krb5_data *);
865 typedef krb5_error_code
866 (KRB5_CALLCONV * krb5_send_to_kdc_func)(krb5_context, void *, krb5_krbhst_info *, time_t,
867 const krb5_data *, krb5_data *);
868
869 /** flags for krb5_parse_name_flags */
870 enum {
871 KRB5_PRINCIPAL_PARSE_NO_REALM = 1, /**< Require that there are no realm */
872 KRB5_PRINCIPAL_PARSE_REQUIRE_REALM = 2, /**< Require a realm present */
873 KRB5_PRINCIPAL_PARSE_ENTERPRISE = 4, /**< Parse as a NT-ENTERPRISE name */
874 KRB5_PRINCIPAL_PARSE_IGNORE_REALM = 8, /**< Ignore realm if present */
875 KRB5_PRINCIPAL_PARSE_NO_DEF_REALM = 16 /**< Don't default the realm */
876 };
877
878 /** flags for krb5_unparse_name_flags */
879 enum {
880 KRB5_PRINCIPAL_UNPARSE_SHORT = 1, /**< No realm if it is the default realm */
881 KRB5_PRINCIPAL_UNPARSE_NO_REALM = 2, /**< No realm */
882 KRB5_PRINCIPAL_UNPARSE_DISPLAY = 4 /**< No quoting */
883 };
884
885 typedef struct krb5_sendto_ctx_data *krb5_sendto_ctx;
886
887 #define KRB5_SENDTO_DONE 0
888 #define KRB5_SENDTO_RESET 1
889 #define KRB5_SENDTO_CONTINUE 2
890 #define KRB5_SENDTO_TIMEOUT 3
891 #define KRB5_SENDTO_INITIAL 4
892 #define KRB5_SENDTO_FILTER 5
893 #define KRB5_SENDTO_FAILED 6
894 #define KRB5_SENDTO_KRBHST 7
895
896 typedef krb5_error_code
897 (KRB5_CALLCONV * krb5_sendto_ctx_func)(krb5_context, krb5_sendto_ctx, void *,
898 const krb5_data *, int *);
899
900 enum krb5_plugin_type {
901 PLUGIN_TYPE_DATA = 1,
902 PLUGIN_TYPE_FUNC /* no longer supported */
903 };
904
905 /*
906 * Since <krb5/common_plugin.h> is new with Heimdal 8, users looking to write
907 * portable plugins across Heimdal 7 and 8 need a conditional compilation
908 * predicate from a header file that does exist in both major releases. This
909 * is as good a place as any to define a plugin source-compatibility version
910 * number.
911 *
912 * When this macro is defined and is equal to 1, the Heimdal 8 plugin source
913 * API, and <krb5/common_plugin.h> header are available and should be used.
914 *
915 * In Heimdal 7, this macro is not defined, and <krb5/common_plugin.h> may not
916 * be available.
917 */
918 #define KRB5_PLUGIN_COMMON_SPI_VERSION 1
919
920 #define KRB5_PLUGIN_INVOKE_ALL 1
921
922 typedef uintptr_t
923 (KRB5_LIB_CALL *krb5_get_instance_func_t)(const char *);
924
925 struct credentials; /* this is to keep the compiler happy */
926 struct getargs;
927 struct sockaddr;
928
929 /**
930 * Semi private, not stable yet
931 */
932
933 typedef struct krb5_crypto_iov {
934 unsigned int flags;
935 /* ignored */
936 #define KRB5_CRYPTO_TYPE_EMPTY 0
937 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_HEADER) */
938 #define KRB5_CRYPTO_TYPE_HEADER 1
939 /* IN and OUT */
940 #define KRB5_CRYPTO_TYPE_DATA 2
941 /* IN */
942 #define KRB5_CRYPTO_TYPE_SIGN_ONLY 3
943 /* (only for encryption) OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
944 #define KRB5_CRYPTO_TYPE_PADDING 4
945 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_TRAILER) */
946 #define KRB5_CRYPTO_TYPE_TRAILER 5
947 /* OUT krb5_crypto_length(KRB5_CRYPTO_TYPE_CHECKSUM) */
948 #define KRB5_CRYPTO_TYPE_CHECKSUM 6
949 krb5_data data;
950 } krb5_crypto_iov;
951
952
953 /* Glue for MIT */
954
955 typedef struct {
956 int32_t lr_type;
957 krb5_timestamp value;
958 } krb5_last_req_entry;
959
960 typedef krb5_error_code
961 (KRB5_CALLCONV * krb5_gic_process_last_req)(krb5_context, krb5_last_req_entry **, void *);
962
963 typedef struct {
964 krb5_enctype ks_enctype;
965 krb5int32 ks_salttype;
966 }krb5_key_salt_tuple;
967
968 /*
969 * Name canonicalization rule options
970 */
971
972 typedef enum krb5_name_canon_rule_options {
973 KRB5_NCRO_GC_ONLY = 1 << 0,
974 KRB5_NCRO_USE_REFERRALS = 1 << 1,
975 KRB5_NCRO_NO_REFERRALS = 1 << 2,
976 KRB5_NCRO_USE_FAST = 1 << 3,
977 KRB5_NCRO_USE_DNSSEC = 1 << 4,
978 KRB5_NCRO_LOOKUP_REALM = 1 << 5
979 } krb5_name_canon_rule_options;
980
981 typedef struct krb5_name_canon_rule_data *krb5_name_canon_rule;
982 typedef const struct krb5_name_canon_rule_data *krb5_const_name_canon_rule;
983 typedef struct krb5_name_canon_iterator_data *krb5_name_canon_iterator;
984
985 /*
986 * krb5_get_init_creds_opt_set_pkinit flags
987 */
988
989 #define KRB5_GIC_OPT_PKINIT_USE_ENCKEY 2 /* use RSA, not DH */
990 #define KRB5_GIC_OPT_PKINIT_ANONYMOUS 4 /* anonymous PKINIT */
991 #define KRB5_GIC_OPT_PKINIT_BTMM 8 /* reserved by Apple */
992 #define KRB5_GIC_OPT_PKINIT_NO_KDC_ANCHOR 16 /* do not authenticate KDC */
993
994 /*
995 * _krb5_principal_is_anonymous() flags
996 */
997 #define KRB5_ANON_MATCH_AUTHENTICATED 1 /* authenticated with anon flag */
998 #define KRB5_ANON_MATCH_UNAUTHENTICATED 2 /* anonymous PKINIT */
999 #define KRB5_ANON_IGNORE_NAME_TYPE 4 /* don't check the name type */
1000 #define KRB5_ANON_MATCH_ANY ( KRB5_ANON_MATCH_AUTHENTICATED | \
1001 KRB5_ANON_MATCH_UNAUTHENTICATED )
1002 #define KRB5_ANON_MATCH_ANY_NONT ( KRB5_ANON_MATCH_ANY | \
1003 KRB5_ANON_IGNORE_NAME_TYPE )
1004
1005 /*
1006 *
1007 */
1008
1009 struct hx509_certs_data;
1010 typedef struct krb5_kx509_req_ctx_data *krb5_kx509_req_ctx;
1011
1012 #include <krb5-protos.h>
1013
1014 /* variables */
1015
1016 extern KRB5_LIB_VARIABLE const char *krb5_config_file;
1017 extern KRB5_LIB_VARIABLE const char *krb5_defkeyname;
1018
1019
1020 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_acc_ops;
1021 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_dcc_ops;
1022 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_fcc_ops;
1023 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_mcc_ops;
1024 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_kcm_ops;
1025 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_akcm_ops;
1026 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_scc_ops;
1027 extern KRB5_LIB_VARIABLE const krb5_cc_ops krb5_krcc_ops;
1028
1029 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_fkt_ops;
1030 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_wrfkt_ops;
1031 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_javakt_ops;
1032 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_mkt_ops;
1033 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_akf_ops;
1034 extern KRB5_LIB_VARIABLE const krb5_kt_ops krb5_any_ops;
1035
1036 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_api;
1037 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_file;
1038 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_memory;
1039 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_kcm;
1040 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_scc;
1041 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_dcc;
1042 extern KRB5_LIB_VARIABLE const char *krb5_cc_type_keyring;
1043
1044 /* clang analyzer workarounds */
1045
1046 #ifdef __clang_analyzer__
1047 /*
1048 * The clang analyzer (lint) can't know that krb5_enomem() always returns
1049 * non-zero, so code like:
1050 *
1051 * if ((x = malloc(...)) == NULL)
1052 * ret = krb5_enomem(context)
1053 * if (ret == 0)
1054 * *x = ...;
1055 *
1056 * causes false positives.
1057 *
1058 * The fix is to make krb5_enomem() a macro that always evaluates to ENOMEM.
1059 */
1060 #define krb5_enomem(c) (krb5_enomem(c), ENOMEM)
1061 #endif
1062
1063 #endif /* __KRB5_H__ */
1064
Heimdal